Date: Tue, 09 Aug 2005 16:23:20 -0600
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #246
SecurityFocus Linux Newsletter #246
----------------------------------------

This Issue is Sponsored By: AirDefense

FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_linux-secnews_050726

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Greasing the wheel with Greasemonkey
       2. Security still underfunded
II.  LINUX VULNERABILITY SUMMARY
       1. No-Brainer SMTP Client Log_Msg() Remote Format String Vulnerability
       2. Computer Associates BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability
       3. Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability
       4. Linux Kernel Stack Fault Exceptions Unspecified Local Denial of Service Vulnerability
       5. Linux Kernel NFSACL Protocol XDR Data Remote Denial of Service Vulnerability
       6. Linux Kernel XFRM Array Index Buffer Overflow Vulnerability
       7. Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Greasing the wheel with Greasemonkey
By Scott Granneman
If blogging is enjoyable because it allows us to watch an interesting 
mind at work, then Jon Udell's blog is definitely among the most 
enjoyable.
http://www.securityfocus.com/columnists/346

2. Security still underfunded
By Kelly Martin
Blackhat is one of my favorite places to do some casual online banking 
over an insecure WiFi connection. Where's the risk, right?
http://www.securityfocus.com/columnists/345


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. No-Brainer SMTP Client Log_Msg() Remote Format String Vulnerability
BugTraq ID: 14441
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14441
Summary:
A remote format string vulnerability affects the message logging 
functionality of nbSMTP. The application fails to properly sanitize 
user-supplied input before passing it as the format string to a 
formatted printing function.

A remote attacker may leverage this issue to write to arbitrary process 
memory, facilitating code execution.

2. Computer Associates BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability
BugTraq ID: 14453
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14453
Summary:
Computer Associates BrightStor ARCserve Backup and BrightStor 
Enterprise Backup Agents for Windows are affected by a remote stack-based 
buffer overflow vulnerability. The application fails to perform proper 
bounds checking on data supplied to it.

A remote attacker may exploit this issue to execute arbitrary code on a 
vulnerable computer with SYSTEM privileges. A denial of service 
condition may arise as well.


3. Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability
BugTraq ID: 14455
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14455
Summary:
Metasploit Framework is susceptible to a restriction bypass 
vulnerability in msfweb. The application fails to properly implement 
access control restrictions.

This issue allows remote attackers to bypass security restrictions in 
the affected Web server. Attackers may exploit this issue to attack 
arbitrary computers using the Metasploit Framework, while originating the 
attacks from the computer hosting the vulnerable msfweb process.

Attackers may also interact with the payload features in the Metasploit 
Framework to manipulate files on the hosting computer, likely leading 
to arbitrary command execution and complete system compromise.

It should be noted that the Metasploit Framework documentation 
specifies that msfweb should not be globally accessible, due to potential 
security problems.

4. Linux Kernel Stack Fault Exceptions Unspecified Local Denial of Service Vulnerability
BugTraq ID: 14467
Remote: No
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14467
Summary:
The Linux kernel is reported to be prone to an unspecified local denial 
of service vulnerability.

It was reported that this issue arises when a local user triggers stack 
fault exceptions. A local attacker may exploit this issue to carry out 
a denial of service attack against a vulnerable computer by crashing 
the kernel.


5. Linux Kernel NFSACL Protocol XDR Data Remote Denial of Service Vulnerability
BugTraq ID: 14470
Remote: Yes
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14470
Summary:
The Linux kernel is affected by a remote denial of service vulnerability 
when handling XDR data for the nfsacl protocol.

Specific details about this issue were not disclosed.  It is 
conjectured that an attacker crafts malformed XDR data that contains large string 
values to corrupt kernel memory.

This may result in a denial of service condition.

6. Linux Kernel XFRM Array Index Buffer Overflow Vulnerability
BugTraq ID: 14477
Remote: No
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14477
Summary:
The Linux kernel is prone to an array index buffer overflow vulnerability. 
This issue exists due to insufficient validation of user-supplied data. 
The vulnerability exists in the XFRM network architecture code.

A successful attack can allow a local attacker to trigger an overflow, 
which may lead to a denial of service condition due to memory 
corruption. Arbitrary code execution may be possible; however, this has 
not been confirmed.

This issue affects Linux Kernel versions 2.6.x.

7. Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities
BugTraq ID: 14486
Remote: No
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14486
Summary:
Lantronix Secure Console Server SCS820/SCS1620 devices are susceptible 
to multiple local vulnerabilities.

The first issue is an insecure default permission vulnerability. 
Attackers may exploit this vulnerability to write data to arbitrary files 
with superuser privileges. Other attacks are also possible.

The second issue is a directory traversal vulnerability in the 
command-line interface. Attackers may exploit this vulnerability to gain 
inappropriate access to the underlying operating system.

The third issue is a privilege escalation vulnerability in the 
command-line interface. Local users with 'sysadmin' access to the device can 
escape the command-line interface to gain superuser privileges in the 
underlying operating system.

The last issue is a buffer overflow vulnerability in the 'edituser' 
binary. Attackers may exploit this vulnerability to execute arbitrary 
machine code with superuser privileges.

The reporter of these issues states that firmware versions prior to 4.4 
are vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------

If your email address has changed, email listadmin@securityfocus.com and 
ask to be manually removed.
